|
|
Virus Hype: Is The Sky Really Falling?
|
|
She had been listening to me talk about viruses on the air for weeks and wanted to know what she needed to do about it. However, she didn't want the antivirus software to slow down her computer.
I've come across this same concern about computer performance by very technical people-people who know firsthand what computer viruses can do to computers. They know they need antivirus software, but they don't want their computers to be impacted by it. Those few percentage points of performance (or perceived performance) are just more important than the potential of lost data. After all, nothing bad has happened yet…
Or there's the person who believes that the antivirus software that came with their new computer 3 years ago is just fine. I usually ask them when the last time was that they updated the virus definitions. They usually don't know what I'm talking about.
What is the reality of antivirus software? Is it something we have to have? Is it the brainchild of malicious hackers who want to create demand for a product they can profit from? It seems like every week there's some new "sky is falling" prediction of catastrophic computer doom.
After years of listening to some rather loud and occasionally colorful antivirus "personalities" proclaim that the end of the world was near, it still hasn't happened. Sure, every week there are many new computer viruses, but only a small fraction make it to anyone's computer. Most of the viruses created in labs stay there in a kind of zoo. The rest become "wild" and do create some unhappiness in the world, and antivirus companies shout as loudly and as often as they can to get people to buy their products and update their virus definitions.
The continued end of the world predictions that come from security companies, particularly antivirus companies, have the effect of making us tune them out altogether. It's quite a bit like the homeland security color-coded alert system where we've been color-coded into numbness. I can't tell you anymore what the current threat level is or why it matters. Oh yes, the Department of Homeland Security website tells me we have a yellow threat level today. Does that mean I need to wrap my laptop in duct tape?
To their credit, several antivirus companies have now started listing some sort of "threat-con" rating on their websites. Each of us with a computer dutifully checks those websites daily, right? Actually, the only people I know who look at those are help-desk personnel who want to know what kind of day they are in for and figure out whether they should call in sick.
Home users the greatest challenge to the antivirus community. Without dedicated information technology departments to manage updates of antivirus software, the home user is expected to be a technical expert, knowing what to look out for and how to protect themselves.
A Sacramento radio personality gave me his computer to fix after complaining that it had become excessively slow and was locking up all the time. An examination of his computer showed that he had three different antivirus programs on his computer. None of them had been updated in months (or years), and none of them protected him against the actual infection he had received, damaging several dozen files on his computer. Thinking that more is better, a false sense of security settled in.
Security product vendors take advantage of the situation with the time-honored "security by press release" method. Every once in a while these dire announcements make their way to television and radio outlets. Occasionally the hype is justified, but more often it is not. Responding to the endless hype,
TruSecure has made a helpful contribution with its "Hype or Hot" list (http://www.trusecure.com/knowledge/hypeorhot/). Of course, you'll find plenty of hype on this website as well, particularly when it comes to pitching their "continuous" TruSecure service.
Antivirus myth busters, Vmyths.com, had dubbed the phenomena "hystericanes" (hysteria hurricanes). According to Vmyths, there are three kinds of hystericanes. The first type seem to follow a 3-4 year cycle, with such names as Columbus Day, Michaelangelo, Hare, and the Y2K viruses. The second type are the result of hoaxes and urban legends, such as Good Times, AOL4FREE, and others. The third type comes as a "red alert" (touted by the usual suspects) that some virus attack is in progress such as Melissa, ILoveYou and Kournikova. It's not that these virus outbreaks aren't real, it's just that they are completely overblown in proportion to what really is going on.
I'm sure there are going to be emails this time from well-meaning system administrators who are going to tell me that they spent sleepless nights battling computer viruses. I have done so myself. I don't discount the reality of these events, but merely want to point out how overblown they become in the media and the dangerous effect of repeatedly warning that the sky is falling. The end result of virus hysteria is that the average person with a computer has no idea what to pay attention to, and so most people simply do nothing.
So what should we do about viruses? Well, it is a lot like the advice moms have given out since time began (modified just a bit):
| 1.) | Don't put anything in your computer that you don't know where it came from. | |
| 2.) | Use reliable protection | |
| 3.) | Bathe regularly (update your antivirus software weekly or on a vendor-recommended schedule) | |
| 4.) | Periodically get a full checkup, more often if you engage in risky behavior (e.g. file sharing networks). |
If you're a man or woman who won't use protection because it "interferes with things", you're just begging for an unexpected surprise, passing on the "gift that keeps on giving" until friends won't trust anything you send them. Do yourself and the rest of the world a favor, find the packing material for your computer, and return it to the store.
I won't make any money or get any air time on network television by giving out such common sense advice, but it has kept me and others out of trouble for years. If only common sense was, well…common.
---Love or hate this story? You can email me at: ed@poppoff.com
Previous Connected: Protecting Yourself From Identity Theft
|
For more information, contact Ed at SystemIntegrity, LLC by email at elamast@systemintegrity.com
or toll-free at 866-SAFE-BIZ. |
Ed
Lamaster is the CEO of SystemIntegrity, LLC, an information security company
based in Sacramento. For the past ten years, Ed has held positions in electronic
warfare, education, engineering, and information security within the US
military, education, healthcare, and financial services industries.
While an educator, Ed was a Fulbright group project participant in a joint
US/Russian cultural understanding project. He is an honors graduate in Russian
from the Defense Language Institute, and graduated cum laude from CSU,
Sacramento. He holds a number of education, language development, and computer
security/engineering certifications. Ed is a regular guest speaker on the Poppoff
radio program in Sacramento, and a frequent event speaker on the subjects of
Internet security, spyware, hackers and viruses. He currently resides in
Sacramento, California with his wife and two children.
Discuss this article with others right now at The Salon!
 |
 |
